/**
 * 
 */
package com.jeearsenal.struts2.interceptors;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.struts2.StrutsStatics;

import com.jeearsenal.model.User;
import com.jeearsenal.utils.StringUtils;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

/**
 * It should look for a handle "USER_HANDLE" in the session.
 * If it does not find it, it tries to find out "USERNAME" and "PASSWORD"
 * as request parameters. If found successfully, it tries to authenticate
 * the user and subsequently if authentication is successful, it returns
 * "auth-success". If authentication fails, it returns "auth-failed".
 * 
 * If it fails in any other way, it returns "auth-error", so request can be redirected to
 * the login page. 
 *  
 * 
 * @author Ashish Kumar Sinha
 *
 */
public class AuthenticationInterceptor implements Interceptor, StrutsStatics{

	/**
	 * 
	 */
	private static final long serialVersionUID = 2491389202444300766L;
	public final String AUTH_SUCCESS = "auth-success";
	public final String AUTH_FAILED= "auth-failed";
	public final String AUTH_ERROR = "auth-error";
	
	private StringUtils stringUtils;
	private HttpServletRequest servletRequest;

	/**
	 * @return the stringUtils
	 */
	public StringUtils getStringUtils() {
		return stringUtils;
	}

	/**
	 * @param stringUtils the stringUtils to set
	 */
	public void setStringUtils(StringUtils stringUtils) {
		this.stringUtils = stringUtils;
	}

	/* (non-Javadoc)
	 * @see com.opensymphony.xwork2.interceptor.Interceptor#destroy()
	 */
	public void destroy() {
		// TODO Auto-generated method stub
		System.out.println("inside AuthenticationInterceptor.destroy()");
	}

	/* (non-Javadoc)
	 * @see com.opensymphony.xwork2.interceptor.Interceptor#init()
	 */
	public void init() {
		// TODO Auto-generated method stub
		System.out.println("inside AuthenticationInterceptor.init()");

	}

	/* (non-Javadoc)
	 * @see com.opensymphony.xwork2.interceptor.Interceptor#intercept(com.opensymphony.xwork2.ActionInvocation)
	 */
	public String intercept(ActionInvocation invocation) throws Exception {
		/*
		 *  Get the action context from the invocation so we can access the
		 *  HttpServletRequest and HttpSession objects.
		 */
		final ActionContext context = invocation.getInvocationContext();
		servletRequest = (HttpServletRequest) context.get(HTTP_REQUEST);
		HttpSession session = servletRequest.getSession(true);
		
		// Get the USER_HANDLE from session
		User user = (User) session.getAttribute("USER_HANDLE");
		if(user == null){
			// Get USERNAME and PASSWORD from request
			String username = servletRequest.getParameter("USERNAME");
			String password =  servletRequest.getParameter("PASSWORD");
			stringUtils = new StringUtils();
			if(stringUtils.isBlank(username) || stringUtils.isBlank(password)) {
				// Either user has not filled the login form or not filled correctly.
				System.out.println("AuthenticationInterceptor DONE -- returning ERROR");
				return AUTH_ERROR;
			}
			
			// Now authenticate USER credential
			// for now just dummy info
			/*user = authService.authenticate(username, password);
			if(user == null){
				return AUTH_FAILED; 
			}*/
			user = new User();
			user.setId(username);
			user.setFirstName(username.toUpperCase());
			user.setLastName("DummyLastName");
			
			session.setAttribute("USER_HANDLE", user);
			System.out.println("AuthenticationInterceptor DONE -- returning SUCCESS");
			return AUTH_SUCCESS;
			
		} else {
			return invocation.invoke();
		}
	}

	/*
	 * (non-Javadoc)
	 * @see org.apache.struts2.interceptor.ServletRequestAware#setServletRequest(javax.servlet.http.HttpServletRequest)
	 */
	public void setServletRequest(HttpServletRequest req) {
		this.servletRequest = req;
		System.out.println("Serlvet Request set into the AuthenticationInterceptor");
	}

	/**
	 * @return the servletRequest
	 */
	public HttpServletRequest getServletRequest() {
		return servletRequest;
	}

}
